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... we should have achieved a mathematical model of computa¬ 
tion, perhaps highly abstract in contrast with the concrete nature 
of paper and register machines, but such that programming lan¬ 
guages are merely executable fragments of the theory ... 

Robin Milner [17] 


Summary. Abstract State Machines (ASM) have been introduced as “a computa¬ 
tion model that is more powerful and more universal than standard computation 
models” by Yuri Gurevich in 1985. 

Here we provide a bunch of intuitive and motivating arguments, and charac¬ 
teristic examples for (the elementary version of) ASM. The intuition of ASM as a 
formal framework for an amazingly liberal notion of algorithms is highlighted. Gen¬ 
eralizing variants of the fundamental “sequential small step” version of ASM are 
also considered. 


Introduction 

Many people find ASM difficult to understand. Most of them are convention¬ 
ally educated computer scientists, hence occupied with a bunch of implicit or 
explicit assumptions and expectations on “yet another” specification language 
or computation model. ASM challenge some of those assumptions and expec¬ 
tations. It is this aspect that makes people struggle when trying to understand 
ASM. Would Computer Science education start out with ASM (and there are 
many good reasons to do so), people would conceive the basic ideas of ASM 
as the most simple and natural approach to the notion of “algorithm”. 

This paper addresses the conventionally educated computer scientist. 
To meet his or her implicit and explicit assumptions, the first part of this 
presentation addresses the intuition and foundations of ASM in great detail 
and various aspects. The second part then focuses technical details of the 
most elementary class of ASM. The third part considers various variants and 
extensions. 


I — Intuition and Foundations of ASM 

The first Section addresses the fundamental aspects that make ASM a tech¬ 
nique, quite different from other techniques, to describe algorithms or, more 
generally, discrete systems. Without going into details, the central idea is high¬ 
lighted, and the ASM approach is embedded into the context of first order 
logic and computable functions. 

The second Section is devoted to some small examples. As the central idea 
of ASM is, to some extent, independent of concrete syntactical representa¬ 
tions, we represent each example in a Pseudocode notation, as particularly 
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intuitive for the respective algorithm. The representation of such algorithms 
as syntactically correct ASM is postponed to Sect. 5. As we stick to a version 
of ASM in this paper that can be described by transition systems, we start 
the Section with this fundamental notion. 

Section 3 starts with an investigation on the notion of states. The algo¬ 
rithms of Sect. 2 are use to exemplify how a program is applied to a state. 


1 What Makes ASM so Unique? 

1.1 A Basic Question 

At the first glance, an abstract state machine is just a set of conditional assign¬ 
ment statements. Several extensions of the basis version of ASM have been 
suggested, including parallel, distributed and reactive ones. These concepts 
are likewise not too new. Some versions do with quantified variables, essen¬ 
tially with “Vx...” and “3a;...”. Quantified variables usually don’t appear in 
programming languages, but specification languages such as Z very well use 
quantification. What, then, makes ASM so unique? In what sense are ASM “a 
computation model that is more powerful and more universal than standard 
computation models”, as Yuri Gurevich has written 1985 already [12]? 

1.2 The Central Idea of ASM 

The central and new idea of ASM is easily described: It is the systematic way of 
how symbols occurring in the syntactic representation of a program are related 
to the real world items of a state. In fact, a state of an ASM may include 
any real world objects and functions. In particular, the ASM approach does 
not assume a symbolic, bit level representation of all components of a state. 
Herein it differs from standard computation models - and most obviously to 
Turing Machines - where a state is a (structured) collection of symbols. The 
designer or user of a Turing Machine or any (more involved) programming or 
specification language may very well have in mind a particular meaning of a 
symbol. Examples of such symbols include “1”, “G”, “init” or “millisecond”. 
And a model usually makes little sense without this kind of interpretation. 
But conventional computation concentrates on the transformation of symbols, 
not dwelling too deeply on what they stand for. 

1.3 ASM in the Context of Set Theory and Logic 

ASM’s manner to relate symbols to their interpretation is not new at all. 
One may read the ASM approach as a recommendation to just take seriously, 
what formal logic has revealed in the last century. Since Cantor’s definition 
of a set to be “any collection into a whole M of definite and separate objects 
m of our intuition or our thought” [4], sets entered mathematics in a clear 
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and simple way. Tarski, in [21] suggested structures, including functions and 
predicates over real world items, as the most general mathematical framework. 
First order logic has been developed as a language to define and to analyze 
such structures. In close correspondence to this line of development, Gurevich 
suggests a further step, introducing algorithms over real world items. 

1.4 ASM and Computable Functions 

The above considerations rise the question of implementation: In fact, many 
algorithms are definable by ASM, but can not be implemented on a com¬ 
puter. Furthermore, many of them aren’t even intended to be implemented. 
They rather describe procedures involving real world items. Examples include 
the algorithms to use a teller machine to withdraw money from one’s bank 
account, or the procedure to press buttons on a highriser’s walls and inside 
its lifts, in order to be transported to an upper floor. In any case, ASM is 
a specification language to describe the steps of dynamic, discrete systems. 
Those systems include in particular the systems that are implementable on a 
computer. 

Computability theory characterizes the computable functions as a subset 
of all functions over the integers. Can the ASM-specifiable algorithms likewise 
be described as a subset of a potentially larger class of candidates? In fact, 
Gurevich in [13] provides such a characterization for the most elementary 
class of ASM. Intuitively formulated, a discrete system can be represented 
as a “sequential small step ASM”, if the system exhibits global states and 
proceeds in steps from state to state, and if for each step S —> S' holds: To 
derive S' from S, if suffices to explore a bounded amount of information of S. 
(Details follow in Sect. 6.3). For other classes of ASM similar characterizations 
exist or are under investigation. 

1.5 The Future Role of ASM 

In the above perspective, the theory of ASM contributes to the foundations 
of informatics as a scientific discipline. At the end of the day it may turn 
out that ASM (together with various, so far unknown equivalent notions) 
provide the adequate notion of “algorithms” (with the important subclass of 
the “implementable” algorithms, i.e. the computable functions). 


2 What Kind of Algorithms Do ASM Cover? 

2.1 Transition Systems 

Classical system models of discrete systems assume global states and describe 
dynamic behaviour as steps 
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S-> S' 

from a state S to its successor state, S'. We stick in this paper to systems with 
this kind of behaviour. In technical terms, we consider (initialized) transition 
systems: 

A transition system 

A = (states, init, F) (1) 

consists of a set states of states, init C states of initial states, and a next 
state function F : states —> states. 

A run of a transition system is a sequence 

S 0 S 1 S 2 ... 

of states Sj with So an initial state and S, = F(S,_i) (* = 1 , 2 ,.. .). 

One may suggest to reduce the set states to the reachable ones, i.e. to 
those occurring in runs. But this set may be difficult to characterize. A a 
matter of convenience, it is frequently useful to allow a larger set of states. 

The general framework of transition systems requires no specific properties 
of states. In particular, it is not required to represent all components of a 
state symbolically. The forthcoming examples of - admittedly quite simple - 
algorithms yield transition systems that dwell on this aspect. 

This general version of transition systems is not new at all: In the first vol¬ 
ume of his seminal opus [15], Don Knuth introduces the notion of algorithms. 
As a framework for the semantics of algorithms, Knuth suggests computational 
methods. A computational method is essentially what we called a transition 
system (2). Knuth additionally assumes terminal states t with F(t) = t, and 
calls a transition system A an algorithm if each run of A reaches a terminal 
state. The interesting aspect in Knuth’s definition is that it comes without 
the requirement of F being “effective”. Quoting [15, p8]: “F might involve 
operations that mortal man can not always perform”. Knuth defines effective 
computational methods as a special case: A computational method is effective 
iff it is essentially equivalent to a Turing Machine or to any other mechanism 
for the computable functions. Nowadays, the term “algorithm” is usually used 
to denote what Knuth calls an “effective computational method”. 

As we did above already, we will use the term “transition system” in¬ 
stead of “computational method”, and “effective transition system” instead 
of “effective computational method”. 

Transition systems have been generalized in several directions: Non-termi¬ 
nating computation sequences adequately describe behaviors of reactive sys¬ 
tems; the next-state function F has been generalized to a relation R C Q x Q, 
with computation sequences XoX\... where (xi,x <+ 1 ) e R. This represents 
nondeterminism. Additionally one may require the choice of Xi + 1 to follow a 
stochastic distribution, or to be fair. Some system models describe a single 
behavior not as a sequence of states, but as a sequence of actions. The se- 
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quence orders the actions along a time axis. One may even replace the total 
order by a partial order, representing the cause-effect relation among actions. 

All these generalizations of effective transition systems can be reduced to 
equivalent conventional effective transition systems, by reasonable notions of 
reduction and equivalence. Generalizations of this kind are intended to express 
algorithmic ideas more conveniently. They are not intended to challenge the 
established notion of effective computation. 

We study non-effective transition systems in this paper. The reader may 
wonder whether there is anything interesting “beyond” the computable func¬ 
tions. In fact, there is an exciting proper subclass of all transition systems, 
called “Sequential Abstract-State Machines”, that in turn properly contains 
the effective transition systems. 

Yet, to communicate algorithms, we have to represent them somehow. 
We may allow for any kind of notation, as most intuitive for the respective 
algorithm. 

Distributed systems do not canonically exhibit global states and steps. 
Consequently, transition systems don’t adequately represent their behaviour. 
That kind of systems will shortly be glanced at in part III of this paper, 
together with some other extensions of the basic formalism. 

The rest of this Section describes a series of algorithms, of which none 
is implementable on a computer, but each will turn out representable in the 
framework of ASM. 

2.2 Set Extension 

Let augment be a function with two arguments: The first argument is any 
item. The function augment then extends the set by the item. More precisely, 
for a set M and an item m, define 

augment(M,m) =def M U {m}. (2) 

Now we intend to construct an algorithm that extends any given set M 
by two elements m and n, using the function augment. The idea is obvious: 
In a sequence of two steps, augment one element in each step. We write this 
idea down in the usual style of “pseudocode”. To this end we introduce three 
variables A, x and y which in the initial state Sq are valuated by M, m and 
n respectively. Then the algorithm 

begin 

X := augment(X,x); , . 

X := augment(X,y); ' 

end. 

applied to So, terminates in a state S that valuates X by M IJ {m, n}. Notice 
that this algorithm can be applied to any set M and any elements in and n. 
A bit level representation of M, m and n is not required. 
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2.3 The Tangent Algorithm 

In the geometrical plain assume a circle C with center p, and let q be a point 
outside C (cf. Fig. 1). Design an algorithm to construct one of the tangents 
of C through q . Such an algorithm is well-known from high school: First 
construct the point halfway between p and q. Call it r. Then construct a 


Fig. 1. The problem of the tangent algorithm 


circle D with center r, passing through p (and, by construction, through q). 
The two circles C and D intersect in two points. Pick out one of them; call 
it “s”. The wanted tangent is the line through q and s. Figure 2 outlines this 
construction. Figure 3 shows a corresponding program. 


Fig. 2. The solution of the tangent algorithm 


This algorithm employs three sets of date items: POINTS, CIRCLES and 
LINES, and five basic operations: 

halfway: POINTS x POINTS -> POINTS, 
circle: POINTS x POINTS -* CIRCLES, 
intersect: CIRCLES x CIRCLES -> P(POINTS), 
makeline: POINTS x POINTS -► LINES, 
pick: -P(POINTS) -> POINTS. 

The tangent algorithm does not specify how points, circles and lines are rep¬ 
resented, and how the operations produce their result. One choice was to 
represent a point as a pair of real numbers (®), a circle by its center and 
its radius, and a line by any two points on it. In this case, the above four 
operations (6) can be defined by well established formulas, e.g. 
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halfway((^),(^)) = ( ( ( *££$)- 

The choice from high school was to represent a point as a black dot on a 
white sheet of paper, a circle by its obvious curved line and a (straight) line 
by one of its finite sections. Each of the four above operations (6) can then 
be performed by pencil, rulers and a pair of compasses. 


input (p, C, q) ; 
if q outside C then 
r := halfway(p, q) ; 

D := circle(r, p) ; 

M := intersect(C,D); 

{M = 2} 

s := pick(M); 

1 := makeline(q,s); 
output (1); 

Fig. 3. The tangent algorithm 


Observe that the above algorithm likewise applies to three-dimensional 
points, with spheres replacing the circles. 

2.4 The Bisection Algorithm 

For continuous functions / : K —> K, the bisection algorithm approximates 
zeros, i.e. finds arguments Xq such that |f (xo)| < e for some given bound s. 
This algorithm starts with two real numbers a and b such that /(a) and f(b) 
are different from 0 and have different leading signs. While |f (a) — f (b) | > e, 
two actions are executed: Firstly, the mean m of a and b is computed. Secondly, 
if f (a) and f (m) have different leading signs, a is set to m, otherwise b is set 
to m. Figure 4 outlines a typical step, and Fig. 5 shows this algorithm. 



start 

Fig. 4. Bisection step 
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while |f (a) — f (b) | < £ do 
m := mean(a,b); 

if sign(a) ^ sign(m) then b := m 
else a := m 

Fig. 5. The bisection algorithm 


2.5 The Halting Problem Decision Algorithm 

Let T be the set of all Turing machines. It is well known that T can be 
enumerated, i.e. the sets T and IN correspond bijectively. Let now halt: IN —> 
{0,1} be defined by halt (i) = 0 iff the i-th Turing machine terminates when 
applied to the empty tape. It is well known that halt is not computable (and 
this is the only reason for selecting halt; any other non-computable function 
would likewise do the job). Nevertheless, the algorithm 

input (i) ; 

b : = halt (i) ; (4) 

output (b) . 

“computes” the function /. 

2.6 A Cooking Receipt 

As an - admittedly extreme - case, a cooking receipt may be considered as 
an algorithm, too. An example is the following receipt for Pasta Carbonara: 

A: Fry the Pancetta bacon in the butter over medium-high heat until it 
browns. 

B: In a small saucepan, heat the milk. 

C: Cook the pasta until al dente. Drain well, then return pasta to pot. 

D: Upon termination of A and B, add the bacon and butter to the saucepan. 
Stir well. Add the vinegar. Reduce heat to low and cook the sauce gently 
for about 15 minutes. 

E: Upon termination of C and D, add the sauce, the beaten eggs, and the 
cheese to the pot. Stir well and serve. 

The algorithm starts with three parallel branches A , B, C. A and B are 
single actions and C is a sequence of three actions. Upon termination, A and 
B trigger D. Finally, C and D trigger E. 

2.7 Some General Observations 

The reader may prefer a notion of “algorithm” that would exclude some of 
the behaviours described above, for various reasons. Certainly, none of the 
algorithms is implementable. For example, the bisection algorithm of Sect. 2.4 
applies to any continuous function / and any real numbers a, b and e. But only 
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rare cases of /, a, b and £ are representable in a real computer without causing 
precision problems. Yet, all of them can be handled in a formal setting. The 
forthcoming Part II will provide the details. 


3 Representing States and Steps 

In this Section we first discuss requirements for “faithful” models of algo¬ 
rithms. Then we see that a liberal, albeit classical framework of symbols and 
their interpretation yields a proper notion of states of faithful models of algo¬ 
rithms. Finally, we show how the symbols used in the representation of states 
can also be used to represent steps, and hence algorithms. 

3.1 Faithful Modeling 

Bound to concrete examples, we have usually a clear understanding of what 
an “adequate” description of an algorithm could be: It should cover all aspects 
one would like to emphasize and it should hide all aspects one would prefer not 
to mention. Formulated more precisely, a really “faithful” modeling technique 
represents 

• each elementary object of the algorithm as an elementary object of the 
formal presentation, 

• each elementary operation of the algorithm as an elementary operation of 
the formal presentation, 

• each state of the algorithm as a state of the formal presentation, 

• each step of the algorithm as a step of the formal presentation. 

Formulated comprehensively, objects and operations, as well as states and 
steps of an algorithm and of its model should bijectively correspond. This is 
the tightest conceivable relationship of intuitive and formal presentations of 
algorithms. 

Can this kind of faithful modeling be conceived at all? Is there a modeling 
technique that would achieve this goal at least for some reasonable class of 
algorithms? Are there some general principles to construct such models? This 
are the questions to be discussed in the rest of this Section. 

3.2 Symbols and Their Interpretation in a State 

The programs in (3) and in Figs. 3 and 5 employ symbols that stand for 
various items and functions. For example, X in (3) stands for any initially 
given set, x and y stand for any items and “augment” for a function. The 
algorithm is executable only after interpreting the symbol “X” by a concrete 
set, M, the symbols 11 x” and “y” by concrete items m and n and “augment” by 
the function augment that augments an element to a set. Hence, each initial 
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state of an algorithm must provide an interpretation of all symbols, except 
the key symbols such as begin, if etc. For example, let £ = {X, x, y , augment} 
be a set of symbols and let S' be a state with 

Xs = M, xs = m, ys = n and augment^ = augment 
as defined in (2). 

The program (3) is applicable to this state. The first assignment statement 
of (3), X := augment (X, x), then updates S, thus yielding a new state, S'. 
This state differs from S only with respect to the interpretation of X: 

Xgi = Xg U {to} = M U {to}. 

Then the second assignment statement, X := augment(X, y), is executed, 
yielding a state S" with 

Xg" = Xg> U {n} = M U {m} U {n} = M U {m, n}. 


3.3 Examples: Bisection and Tangent Algorithms Revisited 

The bisection algorithm of Sect. 2.4 can be conceived according to the above 
schema: Based on the symbol set £ = {a,b,e,m, f, mean, sign, <}, assume 
an initial state S with as,bs,£s and ms any real numbers, fs : M —> It any 
function, means ■ R x R —> It with means(x,y) = (x + y)/ 2 , signs ■ R — 5 ► 
{+, —}, with signs{x) = + iff x > 0, and <5 C E x R as usual. Assuming an 
initial state So, the program of Fig. 5 generates a sequence S 0 S 1 S 2 ■ ■ ■ Sj. of 
states, iteratingly updating m,a and b, with finally |/s fc (as fc )| = |/s 0 (°a)I < 
Es■ Note that this holds for any real numbers as 0 and £s 0 and any unary 
function fs 0 over the real numbers. 

The same procedure applies to the tangent algorithm of Sec. 2.3. Given 
the symbol set £ = {C. p. q, r, s, D, M, outside, halfway, circle, intersect, 
pick, makeline} assume an initial state S such that Cs is any circle with 
center pg, and qs a point outside Cs- Furthermore, for points a, b and circles 
A, B let outsides (a, A) = true if a lies outside of A, let half ways{a, b) return 
the point halfway between a and b, let circles{a,b) be the (unique!) circle, 
having a as its center and b on its surface, let inter sect s{A, B) be the set 
of interesting points of A and B and makeline 5 (A, B) be the (unique!) line 
through a and b. For a set M of elements, let picks(M) be an arbitrarily 
chosen element of M. The symbols q, r, s, D, M may freely be interpreted in 
the initial state S. 


3.4 Applying a Program to a State 

The above examples reveal a very simple schema: A representation P of an 
algorithm M consists of two kinds of symbols: 
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1. Key symbols such as begin, :=, end, ;, input, if, then, output, while, 
do, else (in the order of their occurrence in Sect. 2), 

2. constant and function symbols such as X,x,y in (3) and C,p,r,q ,... in 
Fig. 3. 

P can be applied to a state S, where S provides an interpretation as for each 
constant and each function symbol a of P. Applying P to S produces a state 
P(S), where the interpretation of some symbols a have been updated. 

The notion of a state of M deserves a closer investigation: Each constant 
symbol and each function symbol should be interpreted by any item; virtu¬ 
ally “everything” may serve as an interpretation. The only restriction is the 
arity of symbols: A constant symbol must be interpreted by an item, and a 
function symbol with arity n must be interpreted by a function of arity n. For 
example, in (3) the symbol “augment” has arity 2 and so every state S of this 
algorithm must provide a function augments which requires two arguments. 
This restriction does not unduly limit the formalism: A state S (i.e. an inter¬ 
pretation of the constant and function symbols) that violates this restriction 
would spoil any attempt to define the application of P to S. 

A class of such algorithms, called sequential small step algorithms, has 
been characterized by Gurevich [13]. Details will be explained in the Sect. 5. 


II — The Formal Framework 

The ASM approach is based on some few notions that have been identified 
by Tarski [21] as a most useful general conceptual basis for mathematics: The 
notions of structure, signature, and their combination in £-structures. Any for¬ 
malism employs symbols to represent objects that in general are no symbols. 
A-structures provide the means for this kind of arguments. Section 4 presents 
the details. A-structures are the formal basis for A-programs, i.e. pseudocode 
programs over a signature A, as will be defined in Sect. 5, including the im¬ 
portant subclass of sequential, small step ASM programs. Algorithms based 
on such programs are investigated in Sect. 6. 


4 Signatures and Structures 

4.1 Structures 

Here we compile the algebraic prerequisits for the rest of this paper. This is 
merely a reminder for some elementary notions and properties, well estab¬ 
lished in the field of General Algebra. 

As explained above, a state S' of a program is a structure (sometimes also 
called algebra), consisting of 


• a set U, the universe of S, 
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• finitely many constants, viz elements of U, and 

• finitely many functions over U, shaped <fi: U n —> U. n is the arity of <f>. 

Constants can be conceived as degenerated functions, with arity zero. So, 
a structure S is usually written 

S = {U,<j>4> k ). (5) 

With Hi the arity of the constant or function <j>i, the arity tuple (ni ,... ,rik) 
is the type of S. 

4.2 Homomorphism and Isomorphism 

Fundamental relationships among structures are homomorphisms and isomor¬ 
phisms: 

Assume two structures R = {Ur, ip \,..., %fk) and S = (Us,<j>i, ■ ■ ■ 
both of the same type (rii,..., Uk). Assume furthermore a mapping h : Ur —> 
Us such that for all i = 1,..., k and all u\, ..., u ni £ Ur holds: 

h{ipi(u\,... ,u ni )) = <t>i(h(ui),...,h(u ni )). (6) 

Then h is a homomorphism from R to S', written h : R —> S. Figure 6 shows 


(l^l, • • • , ) 

! h ••• h 

( h(u \),... ,h(u ni )) 


'tpi (^1 5 • • • ? i ) 

h 

h(lpi(u 1 , . . • ,UnJ) = 

<t>i{h{ui ),..., 4>i{h{u ni )) 


Fig. 6. The homomorphism property 


the property of an homomorphism in a diagrammatic form. 

Let now R and S be structures of the same type and let h : R — > S be a 
bijective homomorphism. Then h is called an isomorphism. 

It is not difficult to show that the reverse function / -1 : Us —► Ur of an 
isomorphism / : R —> S is again a homomorphism, / -1 : S —» R. Hence, it is 
reasonable to declare two structures R and S as isomorphic, written R ~ S, 
if there exists an isomorphism h : R —> S. 

4.3 Signatures and Ground Terms 

The symbols occurring in a program can be collected in a signature. Each 
function symbol is associated its arity and each constant symbol is given the 
arity 0. A signature £ with symbols ft,..., fi is usually written 


Z= (/i, •■,«/) 


(7) 
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with a* the arity of fi (i = 1,... ,1). (oq,..., a;) is the type of £. 

A signature £ yields canonically the set Ts of ground terms over £: Ts 
is the smallest set of sequences of symbols in £ such that 

• each constant symbol in £ is an element of T's 

• if t € £ with arity n and if t \,..., t n € T's then f(t\,..., t n ) £ Ts- 

Tjj is apparently infinite iff £ contains at least one constant symbol and 
one symbol with arity n > 1. 

Ground terms typically occur on the right hand side of an assignment 
statement, such as in u x := x + 1”. In the context of ASM, “x” is a constant 
symbol and “+” a function symbol of arity 2. The ground term “+(a;, 1)” is 
written in the more convenient infix form “x + 1”. First order logic employs 
terms with additional symbols, called variables. The basic version of ASM, 
considered here, does without variables. We will see later that ground terms in 
their general form may also occur as the left side of an assignment statement, 
i.e. an assignment may be shaped as 

f(tr, ..., t n ) := ... . 

This may be conceived as an update of an array. 

4.4 .E'-Structures 

A structure S = (U, fa ,..., fa) of type (m,... ,nk) as in (5), “fits” to a 
signature £ = (fi,..., fi, aq,..., a{) as in (7) if both have the same type, i.e. 
if k = l and (ni,..., rife) = (aq,..., ai). In this case, S' is a £-structure. The 
function fa is the interpretation of fa in S and we frequently write fa as f ls . 
Hence, S can be written 


S = (U,fi s , —j/fc s )- 

Each term t £ canonically denotes an element t$ of the carrier of each 
A-structure S, defined by induction over the structure of T^: 

• ts = fi s if t = fi and m = 0 

• ts — fi s (t i s , ... , t ns ) if t = f{t\ , . . . , tn). 

A signature £ yields the set str(£) of all £-structures. This is a rich 
set, including a variety of quite different structures. Vice versa, if S is a 17- 
structure as well as a V'-structure, both signatures £ and £’ are identical up 
to bijective renaming of their symbols. 

4.5 Two Lemmata on 17-Structures 

The following two Lemmata will help characterize the expressive power of 
ASM algorithms. The first Lemma states that the homomorphism property 
of 17-structures extends to terms: 
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Lemma 1: [homomorphism] 

Let E be a signature, let R and S be two E-structures, and let h : R —> S be 
an homomorphism. Then holds h(t R ) = ts for all t £ Ts- 

Proof: By induction over the structure of Ts- 

First case: t is a constant symbol. Then the property holds according to the 
definition of homomorphism (cf. (6) in Sect. 4.2). 

Second case: t = f(ti ,..., t n ). The inductive hypothesis implies h(ti R ) = t is 
for i = 1 ,,n. Then, again by definition of homomorphism, 

h(t R ) = h(f(t i,...,t n ) R ) 
h {f, ■ * ■ ) I’npff) 

= fs(h(t lR ),...,h(t n J) 
fS if Is 5 • • ■ > t'ns) 

= fs(ti, ...,t n ) = t s . □ 

The second lemma states that isomorphic 17-structures can not be distin¬ 
guished by help of equations over terms: 

Lemma 2: [indistinguishability] 

Let E be a signature, let R and S be two E-structures, and let R ~ S. Then 
for all t, u € Ts holds: t R = u R iff ts = u$. 

Proof: Let h : R —> S be an isomorphism. According to the above Lemma 
on homomorphism t R = u R iff h(t R ) = h(u R ) iff ts = us■ □ 

5 Sequential, Small Step ASM Programs 

Part I provided the intuition and Sect. 4 the formal means to define syntax 
and semantics of a special kind of programs P: Given a signature E, each state 
S of P is just a 27-Structure. The step-function of P, providing for each state 
S a successor state P(S ), is syntactically represented by the help of terms in 
Ts, together with some key symbols such as if, then, := etc. 

In this Section we define a particularly simple version of such programs. We 
start with assignment statements that update constants and functions. Then 
we proceed to sets of consistent statements and to conditional statements, 
and finish with “sequential, small step ASM programs”. The semantics of 
such programs is rigorously defined in a mathematical setting. 

5.1 Simple Assignment Statements 

The simplest form of a program over a signature E is just an assignment 
statement, shaped 

/ := t ( 8 ) 

with / a constant symbol in E and t £ Ts- 
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Applied to a 17-structure S, (8) yields the step 

S S' 


where S' updates the value of /: The constant symbol f gains ts as a new 
value in S', i.e. 

fs 1 = t s 


and the semantics of all other symbols remains untouched, i.e. gs’ 
each g £ £, g ^ f. For example, with the signature 

= gs for 

£=(c,f, 0,1) 

(9) 

and the 17-structure 


S = (IN, 0, sue) 

(10) 

holds cs = 0 and fs = sue. The step 


g c:=/(c) ) g, 

(11) 


yields cs’ = 1 and fs> = sue. 

As an exercise, the reader may show that (2) updates the value of each 
term t, £ Ts, more precisely: 

ts = n iff ts> = n + 1 


for each t £ Ts- 

5.2 Updates of Functions 

The general form of assignment statements over a signature £ is shaped 

f(t 1 ,...,t n ):=t, (12) 

with / £ £ and £ Ts, of which (8) is the special case with n = 0. 

fs may be conceived as a n-dimensional array, to be updated for one argument 
tuple. A step 

updates f s at (ti s ,..., t ns ) by t s , yielding 

fs r (ti s , . . . , tns ) t’S • 

Hence, the right hand side as well as the terms t\,...,t n denoting the 
arguments of the array on the left hand side are evaluated in the initial state, 
S. The function / remains untouched for all other arguments, i.e. 



Abstract State Machines for the Classroom The Basics - 


17 


fs'(u 1 , ...,u n ) = fs(ui, ...,u n ) 

for all (u -[,..., u n ) 7 ^ (fi s ,..., t ns ). Likewise, the semantics of all other func¬ 
tion symbols remains, i.e. 

9s> = 9s 

for all g £ S, g ^ f. As an example we consider the signature S and the 
^-structure S as in (9) and (10). The step 

g /(c) ==c g, 


yields cs = 0 , hence with ( 11 ) 

/s'(O) = fs'{c S ) = 0. 

For all i> 1, fs(i) remains untouched, i.e. 

fs'(i) = fs(i ) = suc{i) = i + 1. (13) 

Therefore, the functions fs and fs' differ only for the argument 0. 

As an exercise, the reader may show that (13) updates the value of all 
terms t £ Ts (except t = c), i.e. 


ts> = 0. 

Summing up, in a step S' —> S' , an assignment statement selects in S one 
constant, or one function at one argument tuple, and in S' replaces it by a 
new value from the universe of S. In particular, the universe of S' coincides 
with the universe of S. 

In view of terms, an update S — 11 ——-> S' potentially yields fresh val¬ 
ues for all terms u which include as a subterm any term shaped f(v i,..., v n ) 
with (v ls ,...,v ns ) = (t ls ,...,t ns ). 

5.3 Consistent Assignment Statements 

A step S' —> S' of an ASM program in general executes more than one assign¬ 
ment statement. This is easily achieved provided each two such assignments 
are consistent , i.e. they don’t try different updates of the same constant, or of 
the same function at the same argument tuple. More precisely, two assignment 
statements f(t \,..., t n ) := t and /(iti,..., u n ) := u are consistent at a state 
S if 

(ti s ,.. .,t ns ) = (ui s ,.. -,u ns ) implies t s = u S - 

This definition is easily generalized: A set Z of assignment statements is 
consistent at a state S if the elements of Z are pairwise consistent at S. 
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To define the semantics of assignment statements formally, let if be a 
signature and let Z be a set of assignment statements with terms in Tjj. Let 
furthermore S be an if-structure and assume Z be consistent at S. Then S 
and Z together define a step 

S S' (14) 

where S' is a If-structure, too, and the universe U of S' is identical to the 
universe of S. For an n-ary symbol / £ £ and an argument u £ U n we define: 
In a state S, Z updates fs at u by v in case Z includes an assignment statement 
shaped f(t\,... ,t n ) := t with u = (t\ s ,... ,t ns ), and v = ts■ For S' as in 
(14), the value of fs>( u) is now given by 


fs>( u) 


v , in case Z at S updates /s(u) by v 
fs( u) , otherwise. 


(15) 


5.4 Guards and Conditional Assignment Statements over a 
Signature £ 

ASM employ conditional assignment statements, shaped 

if a then r, (16) 

where r is an assignment statement and a is a boolean expression. The term 
a plays the role of a guard in (16). 

For a signature £, the guards over £ are symbol sequences such that 

• for all t, u £ Tjj, “t = u” is a guard over £ and 

• if a and f3 are guards over £, so are “a A /3” and “->a”. 

Hence, we assume each signature £ be extended by the symbols =, A, 
true, false. Each A-structure S is expected to interpret these symbols as 
usual. This implies for each guard a over £ and each A-structure S, 

as G {true, false}. 

(16) is a conditional assignment statement over a signature £ iff 

• a is guard over £ and 

• r is an assignment statement over £, as defined in (12) 


5.5 Sequential, Small Step ASM Programs and Semantics 

A sequential, small step ASM program P over a signature A 1 is a set of con¬ 
ditional assignment statements over £, as defined in Sect. 5.4. To each £- 
structure S, the program P defines a successor structure S ', usually written 
P(S), by the step 
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S A S'. (17) 

To define S', let Z =def {r| ex. “if a then r” G P and as = true}. If Z is 
consistent at S, construct S' according to (15), otherwise let S' = S. 

Then term “sequential” is bewildering in the face of concurrently exe¬ 
cuted statements; the term lock step was perhaps more intuitive. Furthermore, 
“small step” refers to the limited number of updates during a step: The num¬ 
ber of updates is bounded by the number of conditional statements. Hence, 
the term bounded was perhaps more on the point. We will however follow 
traditions. 

5.6 Simulation of Conventional Control Structures 

Usual forms of programs differ from sequential small step ASM mainly w.r.t. 
control: Sequences, alternatives and iterations are replaced in ASM in fa¬ 
vor of parallel execution of a set of conditional assignment statements. That 
ASM can simulate conventional control structures is fairly obvious; Sect. 5.7 
will show some examples. Vice versa, some additional constant symbols help 
simulate the ASM control structure by conventional control structures, i.e. 
sequences, alternatives and iteration. 

This kind of simulation comes however with a price: One step of an ASM 
program usually requires a sequence of steps in terms of conventional control 
structures. This price is quite high in the context of ASM, because a decisive 
aspect of ASM is the expressive power of their single steps, as discussed in 
Sect. 3.1: A sequence S —> S'' —> S' of two steps from S to S’ is not “as good 
as” the single step S S'. 

5.7 Examples 

Section 2 presented a couple of algorithms. We may wonder how they can be 
represented as ASM programs. 

The set extension program of Sect. 2.2 is no ASM program at first glance: 
An ASM program cannot express sequential composition. This deficit is easily 
overcome by a well-known “trick”: Extend the initial state by a fresh variable, 
l, and valuate l by 0 in the initial state, So- Reformulate (3) by 


if 

1=0 

then 

X 

:= g(X,x); 

if 

1=0 

then 

1 

:= 1; 

if 

1=1 

then 

X 

:= g(x»y); 

if 

1=1 

then 

1 

:= 2 


endpar. 

The same technique can be applied to get rid of the sequential composition 
in the tangent algorithm in Sect. 2.3. Borger and Stark in [3] suggested a 
further, elegant representation of sequential behaviour. 
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The bisection algorithm of Sect. 2.4, formulated as an ASM, reads 


if stop(a,b)=true then result := a, 

if ->(stop(a,b)=true) A f(mean(a,b))=0 then result := mean(a,b), 
if -i(stop(a,b)=true) A -i (f (mean(a,b) )=0) 

A eqsign(f(a),f(mean(a,b)))=true then a := mean(a, b), 
if -i(stop(a,b)=true) A —> (f (mean(a,b) )=0) 

A eqsign(f(b),f(mean(a,b)))=true then b := mean(a, b) 

As a final example consider a system composed of four components: 

prod: a producer to produce items, 

send: a sender to send produced items to a buffer, 

rec : a receiver to take items from the buffer, 

cons: a consumer to consume items provided by the receiver. 

We base the model of this system onto a signature including the 0-ary 
symbols x, y and buffer. Their value may represent items to be processed 
by the system. Furthermore, the values of x and y may be undefined (repre¬ 
sented by x_undef and y_undef, respectively), and the buffer may be empty 
(represented by b_empty). 

The components interact as follows: In case the value of x is undefined, 
a fresh value item is assigned to x (by prod), then forwarded to the empty 
buffer (by send), removed from the buffer and assigned to y (by rec), and 
finally consumed (by cons). 

Applied to an initial state Sq with xg 0 = x_undefg 0 , y So = y_undef S( . and 
bufferg 0 = b_empty So , the following components define a sequential ASM 
program with the described behaviour: 

prod —def { if x=x_undef then x := item } 
send =def if _l (x=x_undef) A buffer=b_empty then 
{ buffer := x; x := x_undef } 
rec ~def if -| (buff er=b_empty) A y=y_undef then 
{ y := buffer; buffer := b_empty } 
cons =def { if ^(y=y_undef) then y := yjundef } 

Then 

r = prod U send U rec U cons (18) 

is the required sequential ASM. Its behaviour is: 


So 


prod 

-» Si 


send 


> s 2 


prod 

—» S 3 

rec 


send 


> s 4 


cons 


prod 

—» s 5 


(19) 


where each step is inscribed by the components with guards that evaluate to 
true. 
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6 Properties of Sequential Small Step ASM Programs 

The semantics of programs as defined in Sect. 5.5 implies a series of properties 
of steps, to be considered here. Two of them (“steps preserve universes” and 
“steps respect isomorphism”) are quite obvious. The third one, “exploration 
is bounded”, is intuitively also simple, but requires a bit of formalism. 

In the rest of this Section we assume a sequential small step ASM program 
P over a signature 27, and a 27-structure S. 

6.1 Steps Preserve Universes 

The semantics of sequential small step ASM programs, as defined in Sect. 5.5, 
is based on (15) and (14). There it is explicitely specified: 

The universes of S and P(S) coincide. 


6.2 Steps Respect Isomorphism 

Let R be a 27-structure, and let h : S —» R be an isomorphism. Definitions 
in Sect. 5.3 imply for a set Z of assignment statements, that Z is consistent 
at S iff Z is consistent at R. Furthermore, for each fc-ary / € 27 and each 
argument tuple (iq,..., Uk) for fg, the set Z updates fg at (iq,... ,Uk) by 
v iff Z updates fg at (h(ui),..., h(uk)) by h(v). Consequently, referring to 
(15), /p(s)(ui,...,«fc) = v iff fp(R)(h(ui),... ,h(u k )) = h(v). Together with 
(17) now follows: 


If h : R —* S is an isomorphism, then 
h : P(R) —> P(S) is an isomorphism, too. 

6.3 Exploration Is Bounded 

To properly understand the last property, we reconsider the semantics of ASM 
programs, as given in (14) and (15): P only describes the updates of a state S, 
and does not care about the rest of S. In fact, the rest of S is just adopted in 
P(S). Technically, an update of a step S —» P(S) is given by three parameters: 
A function symbol / £ 27, an n-tuple u of arguments for fg, and the new value, 
v. Formulated more formally, let 27 be a signature, let / be a function symbol 
in 27 with arity n, let U be a universe, let u € U n and let v £ U. Then 

(/,u,v) (20) 

is a E-update over U. For a step S —> P(S), the triple (20) may be used to 
indicate that fs( u) is updated by v. 
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Each step of P yields a set of updates. This motivates the following def¬ 
inition: A JC-update (/, u, v) over the universe U of S' is a P-update of S 
iff 


fs( u) ^ fp(s){ u) = v. 

Let 

A (P,S) 

denote the set of all P-updates of S. 

Now, let T C Ts be the set of all terms occurring in P. Let R and S be 
two 17-structures that T can not distinguish, i.e. for all t £ T 

t-R = ts■ (21) 

Then P inevitably yields the same updates for both states: 


A(P,R) = A(P,S). 


( 22 ) 


7 Gurevich’s Theorem on Sequential Small Step 
Algorithms 

We are now searching for a characterization of the expressive power of se¬ 
quential small step ASM. We state this problem as a question to transition 
systems, as considered in (1) allready. 

7.1 A Question and a Partial Solution 

What requirements at a transition system A = (states, init, F) would guar¬ 
antee that F can be represented as a sequential small step ASM program P 
as defined in Sect. 5.5? 

It will turn out that essentially the properties discussed in Sect. 6 provide 
such a set of requirements. 

The first requirement for the above question is obvious: There must exist 
a signature E such that states (and hence init) is a set of A-structures. The 
properties of sequential small step ASM, as discussed in Sect. 6, must hold for 
F, hence they provide another three requirements for the above question: F 
preserves universes, i.e. for each state S estates, the domains of S and F(S) 
coincide. Furthermore, F respects isomorphisms, i.e. for each S £ states and 
each isomorphism h : R —> S, h : F(R) —» F(S) is an isomorphism, too. 
This requires F be well defined for each R isomorphic to some S £ states. 
Consequently, we require states be closed under isomorphism, i.e. if S £ 
states and S ~ R, then R £ states. The last requirement starts out with the 
obvious observation that the required program P essentially does with finitely 
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many terms t £ T s . Together with (21) and (22) this implies that there exists 
a finite set T C TL of terms such that two states evolve the same updates if 
they interpret all t £ T alike. 

7.2 Some Properties of Transition Systems 

The above informal discussion, together with Sect. 6 is now rephrased in a 
more formal setting. To this end, let A = (states, init, F) be a transition 
system. 

A is signature based iff there exists a signature £ such that states is a set 
of 17-structures. If £ is known, A is denoted as £-based. 

In the rest of this Section, assume A to be £-based. 

A preserves universes if for each S £ states, the universes of S and of 
F(S) coincide. 

A is isomorphism closed if for each S £ states and each structure R ~ S 
holds: R £ states. 

A respects isomorphism iff for each S £ states and each isomorphism 
h: R—> S, h : F(R) —> F(S) is an isomorphism, too. 

The last property requires the following definition: For a state S £ states, 
an update of A at S is a triple (/, u, v) with / £ £, u £ U k and v £ U, where 
k is the arity of /, U is the carrier of S and /s(u) ^ fF(S)( u ) = v - Let A (S) 
denote the set of all updates at a state S £ states. The last property now 
reads: 

A bounds exploration iff there exists a finite set T C of terms, such 
that for all R } S £ states holds: If t.R = ts for all t £ T £, then A (R) = A (S'). 

A is ASM-adapted iff A is signature-based, A preserves universes, A is 
isomorphism closed, A respects isomorphism and A bounds exploration. 

7.3 Gurevich’s Theorem 

It has been shown in Sect. 6 that the properties of Sect. 7.2 provide necessary 
conditions for the question of Sect. 7.1: F can be represented as a sequential 
small step ASM program only if A is ASM-adapted. 

As an amazing and beautiful result, Gurevich in [13] has proven that this 
property is even sufficient! Hence, 

Theorem 1 Let A = ( states , init,F ) be an ASM-adapted transition system. 
Then there exists a sequential small step ASM program P such that 

F — P | states- 

The proof of this Theorem is far from trivial. It has critically been exam¬ 
ined in [20]. 
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III — Extensions 


Not each algorithm is sequential or small step. There are distributed, reactive, 
and large step algorithms. The ASM approach covers those algorithms as 
generalizations of the version presented in Part 3.4. We glance at some of 
those versions in this part. 


8 Sequential Large Step ASM Algorithms 

As explained in Sect. 5.5, the term “small step” refers to the limited amount 
of updates in each step of an ASM program P: This number is bounded by 
the number of assignment statements in P. Of course, there are algorithms 
without such a bound. 

We present an example of such an algorithm and show its representation 
in an extended version of ASM programs. 

8.1 An Example: Node Reachability 

Let G be a directed graph and let root be a distinguished node of G. We 
search for an algorithm that computes a unary predicate R on the nodes of 
G, to discern the nodes reachable from root. 

Intuitively, this algorithm operates as follows: Initially, R(x ) holds if and 
only if x ist the root. The following step is iterated until a fixpoint is reached 
(i.e. a state identical to its successors state): For all arcs x —>> y with R(x) and 
-<R(y), extend R by y. 

The amount of updates executed in one step is unbounded: In a state S, 
the number of arcs x —> y in G with R(x) and ->R(y), is not limited. A step 
may even include an infinite amount of updates, in case a node has infinitly 
many neighbours. The algorithm can therefore not be represented by a small 
step ASM program. 

8.2 Quantified Variables 

The above node reachability algorithm can be presented with a standard tech¬ 
nique of formal logic, viz with quantified variables. The steps of the algorithm 
can then be described by the program 

for all x,y with Edge(x,y) A R(x) A —>R(y) do . . 

R(y) := true. 

(23) is a large step ASM program. 

An algorithm is large step not only if the amount of updates fails to be 
bounded, but also if the amount of involved explorations is unbounded. An 
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example is the following ASM program that checks whether a given graph has 
isolated points: 


if Vx 3y Edge(x,y) then output := false 
else output := true 


9 Non-deterministic and Reactive ASM 

So far we assume an ASM program P over a signature £ to define a unique 
successor state, P(S ) for each state, i.e. each A-structure, S. This generalizes 
to a set P(S) of successor states, for non-deterministic programs P. Nonde¬ 
terminism can be caused by different means, considered in the sequel. 

9.1 Non-deterministic Semantics 

One may change the semantic rule of (15): In a state with more than one 
assignment statement’s guard valuated to true, one may select one or a subset 
of then for execution. Though possible in principle, this idea is fairly bewilder¬ 
ing for the reader used to the conventional approach and has therefore rarely 
been used. 

9.2 The Operator “choose” 

The choose operator is frequently useful. For example, let A = {ai,..., a*,} 
be a set of symbols. An algorithm is to produce all symbol sequences u £ A* 
such that there exist v,w £ A* with 

u = vw, v ^ w and |u| = |tt>|. 

The ASM program of Fig. 7 (with “choose” and “for all”) does the job. 


choose n,i with i<n 

choose a,b £ A with a^b 
v(i) := a 
w(i) := b 
forall j<n, j^i 

choose a,b £ A 
v(j) : = a 
w(j) := b 


Fig. 7. Appliance of choose 
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9.3 The Reactive Case 

The last source for non-determinism is the case of the environment updating 
a constant fs or a function fs for some argument tuple u, at a state S. This 
is the case of reactive systems. 

From the perspective of a program P, a step S —> S' then includes a 
spontaneous change of the value of fs or /s(u), respectively, not caused by 
P. Technically, this is a non-deterministic choice from an - in general infinite 
- set of alternatives: An elegant method to construct reactive ASM programs. 
As an alternative to this kind of “inter step” interaction, an “intra step” 
interaction includes a system step together with a step of the environment. 
Details on this topic can be found e.g. in [2], [1] and many other papers 
published mainly by Blass and Gurevich. 

9.4 Turbo Algorithms 

As frequently mentioned, the faithful modeling requirement as discussed in 
Sect. 3.1 is sensible against the atomicity of steps. There are good reasons to 
squeeze more than one action, in particular communicating actions of reactive 
algorithms, into one step. This aspect has been addressed in many contribu¬ 
tions including [11] and [3]. 

9.5 Recursive Algorithms 

The quest of atomicity of actions is particularly crucial for recursive algo¬ 
rithms. A typical example was Quicksort. Faithful representation of such al¬ 
gorithms requires a recursive version of ASM, as introduced e.g. in [14]. 


10 Distributed ASM 

Both small step and large step ASM algorithms describe a single run of an 
algorithm, as a sequence SqS\ ... of states Si . This is not adequate for dis¬ 
tributed algorithms. As discovered by C.A. Petri in the 1960ies already [18] 
and later on discussed also by Pratt [19], Lamport [16] and Gurevich [11], a 
run of a distributed algorithm is a partially ordered set of events, with a > b 
iff a is causally necessary for b. 

10.1 Distributed ASM programs 

This gives rise to the idea of a distributed version of ASM: A distributed ASM 
is just a nonempty, finite set of ASM programs, all over the same signature, E. 
The programs are then called components of the distributed ASM, and every 
A-structure forms a state of the distributed ASM. The components may be 
executed concurrently in case they involve stores with separate locations. 

A proper definition of distributed small step ASM can be found in [10] . 
The general case of distributed ASM is discussed in [11]. 
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10.2 An Example of a Distributed ASM 

As an example consider the producer/consumer system of Sect. 5.7: In contrast 
to the sequential program T of (18), the set 

D = {prod,send,rec, cons} (24) 

is a distributed ASM. Notice that (24) differs decisively from (18): A sequential 
ASM is a single set of conditional assignment statements, while a distributed 
ASM is a family of sets of conditional assignment statements. This implies 
a notion of distributed runs. The order of occurrences of the component pro¬ 
grams in the run of T, as depicted in (19), is 

prod ——► send ——► prod 

prod -► send ^ . . . (25) 

rec ——cons -—► rec 

In contrast, the ASM program D in (24) yields a partially ordered run of 
occurrences of its four components, shown in (26). 



It is illuminating to compare the partial order of the component occurrences, 
as outlined in Fig. 26, with the partial order of (25): In fact, the latter is 
unnecessarily strict. This is due to the lockstep semantics of a sequential 
ASM: A run is a sequence of steps, and its action occurrences are unordered if 
they belong to the same step. This yields partial orders with a transitive non¬ 
order relation, such as (25). Figure 26 shows that, for a distributed run of a 
distributed ASM, non-order of action occurrences is not necessarily transitive: 
The second production occurs unordered with first consumption, which in turn 
occurs unordered to second send. But second production is causally before 
second send. This example shows that distributed ASM in fact provide a 
substantial generalization of sequential ASM. 


11 ASM as a Specification Language 

In this paper we do not even attempt to glance the huge amount of application 
projects of ASM. Nor do we discuss all the tools and techniques, e.g. for 
refinement and simulation, that support ASM as a specification language. We 
concentrate on one fundamental aspect only, i.e. the role of constants and 
functions for various purposes in an algorithm. 
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11.1 Static Constants and Functions 

Theory does not prevent any state S to interpret the constant symbol “2” 
by the boolean value “true”, or to interpret the function symbol by the 
function that assigns each employee of a company his or her salary. But this 
is not what the reader expects. There is a number of symbols with unique 
world wide accepted interpretations; including the integer symbols “0”, ..., 
“9” to construct representations of integers and rational numbers, and func¬ 
tion symbols such as +, —, tJ, -1 , etc. to denote the corresponding well known 
functions. Some symbols have a generally agreed denotation only in distin¬ 
guished communities. It is of course reasonable to inquire the initial state 
S of an algorithm to interpret such symbols according to their conventional 
denotation and never to update them. In Sect. 5.4 we remarked already the 
symbols for propositional logic such as and “A” must be interpreted as 
usual, in order to construct reasonable guards. A set of constants and func¬ 
tions is available this way and denoted as static for obvious reasons. 

More generally, we denote as “static” also constants and functions that 
are fixed in the initial state and are never updated. They typically play the 
role of input to the algorithm. Typical examples are / and e in the bisection 
algorithm, C and p in the tangent- and / in the halting problem decision 
algorithm. 

Notice the generalized concept of “input” here: It may include entire func¬ 
tions, such as / in Fig. 5 and (4), hence, in general, infinite structures. 

11.2 Constant Symbols as “Program Variables” 

The non-static constants include in particular symbols which in conventional 
programming languages would play the role of variables: Such a symbol, x, 
gains some - irrelevant - value in the initial state, x is updated before being 
read, i.e. an assignment statement with x at the left side is executed before an 
assignment statement with x occurring in the term of its right side is executed. 
Consequently, a 0-ary symbol frequently plays the role of a program variable: 
A frequent source of confusion for ASM beginners. In particular the reader 
must not confuse this kind of constants with quantified variables as introduced 
for large step ASMs in Sect. 7. 


11.3 Further Roles of Constants and Functions 

A constant symbol occurring at the left, but never at the right side of an 
assignment statement, may be used as an output variable for reactive algo¬ 
rithms. 

More generally, for the sake of clarity one may explicitly declare a constant 
symbols as an “output variable” in case it is assumed to be read by the 
environment. 
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12 Conclusion 

This paper is intended to show that the ASM approach in deed suggests 
a reasonable notion of “algorithm”, very adequate as a framework for the 
modeling of systems. Implementable systems come as the special case of states 
with a bit level representation for all components. 

Two aspects in particular motivate the choice of ASM: Firstly, ASM fit 
perfectly into the framework of general algebra and logic. The notion of struc¬ 
ture, signature, and 17-structure are well established to describe system states 
in an abstract way. Computer science employs those notions in the context 
of Algebraic Specifications, to abstractly describe states. As a (sequential) 
behaviour is a sequence of states, it is very natural to describe steps in terms 
of 17-structures, too. 

Secondly, the definition of a sequential small step ASM as a set of simul¬ 
taneously executed set of conditional statements, is very well motivated by 
Gurevich’s Theorem, as described in Sect. 7.3. 

The idea to employ mathematical structures as components of states has 
been advocated in [5] already: Data spaces such as stacks, trees and all forms 
of data structures from Algol, Lisp and Fortran, together with correspond¬ 
ing operations, define virtual machines. ASM generalizes this to any kind of 
data spaces, via algebras; [5] sticks to structures that are implementable in a 
canonical way. 

[7] suggests to define the state of a program V as 17-algebras, exactly 
as done in ASM. Ganzinger formally defines the semantics of V to be a free 
construct, i.e. a mapping from a set of 17-algebras to a set of 17-algebras. [8] 
expands on this idea; it may be likewise applied to ASM. 

The “state-as-algebra” paradigm [8] has been a basis for various lines of 
research. Categorial constructs, as employed in [7] already, are likewise used 
in [22]. In [9], the authors show that the “state-as-algebra” paradigm is useful 
to describe the semantics of specification languages such as VDM, Z and B. 
They advocate the combination of algebraic and imperative specifications, of 
which ASM is an example. A further example is the “Algebraic Specification 
with Implicit state” approach of [6]. 

Modern specification techniques such as Z, TLA and FOCUS follow logic 
based guidelines, such as “a specification is a (huge) logical expression”, “im¬ 
plementation (refinement) is implication”, or “composition is conjunction”. 
The ASM formalism has not been designed along these guidelines, nor does 
it contradict them. It might be useful to critically review those guidelines in 
the light of ASM. 

One may very well expect a lot of related representations of algorithms to 
arise, in particular further variants of nondeterministic, distributed interactive 
and other variants, both small-step and large step, together with interesting 
characterizing Theorems, in analogy to Gurevich’s Theorem in Sect. 7.3. On 
the long range, one may get used to this approach as an adequate starting 
point for computer sciences curricula. 



30 Wolfgang Rcisig 

13 Acknowledgements 


I gratefully acknowledge Yuri Gurevich’s patient answers to my many ele¬ 
mentary questions on ASM. I owe much to Egon Borger, as he introduced me 
to the fields of ASM. Without Dines Bjprner’s invitation to the Stara Lesna 
School in June 2004 and his friendly, persistent proposals, I would never have 
written this contribution. Andreas Glausch pointed at weak points in a pre¬ 
liminary version of this paper, thus soliciting a comprehensive update, and 
hopefully - solid simplification. 


References 

1. Andreas Blass and Yuri Gurevich. Ordinary Small-Step Algorithms. ACM 
Trans. Comput. Logic, 7:2, 2006. 

2. Andreas Blass, Yuri Gurevich, Dean Rosenzweig, and Benjamin Rossman. Gen¬ 
eral Interactive Small-Step Algorithms. Technical report, Microsoft Research, 
August 2005. 

3. Egon Borger and Robert Stark. Abstract State Machines - A Method for High- 
Level System Design and Analysis. Springer-Verlag, 2003. 

4. Georg Cantor. Gesammelte Abhandlungen mathematischen und philosophischen 
Inhalts. Berlin: Springer-Verlag, 1932. 

5. A.B. Cremers and T.N. Hibbard. Formal Modeling of Virtual Machines. IEE 
on Software Engineering, SE-4 No 5:426-436, September 1978. 

6. P. Dauchy and M.-C. Gaudel. Implicit state in algebraic specifications. In 
ISCORE’93, volume No 01/93 of Informatik-Berichte. Universitat Hannover, 
1993. 

7. H. Ganzinger. Programs as Transformations of Algebraic Theories. In 11. GI- 
Jahrestagung, Informatik-Fachberichte 50, pages 32-41. Springer-Verlag, 1981. 

8. H. Ganzinger. Denotational Semantics for Languages with Modules. In 
D. Bjprner, editor, Formal Description of Programming Concepts - II, pages 
3-20. North-Holland, 1983. 

9. M.-C. Gaudel and A. Zamulin. Imperative Algebraic Specifications. In PSI’99, 
Novosibirsk, June 1999, volume 1755 of LNCS, pages 17-39. Springer-Verlag, 
2000 . 

10. Andreas Glausch and Wolfgang Reisig. Distributed Abstract State Machines 
and their Expressive Power. Technical Report 196, Humboldt-Universitat zu 
Berlin, Institut fur Informatik, Unter den Linden 6, 10099 Berlin, Germany 
http://www.informatik.hu-berlin.de/top, January 2006. 

11. Y. Gurevich. Evolving Algebras 1993: Lipari Guide. In Egon Borger, editor, 
Specification and Validation Methods, pages 9-36. Oxford University Press, 1995. 

12. Yuri Gurevich. A new thesis. American Mathematical Society Abstracts, page 
317, August 1985. 

13. Yuri Gurevich. Sequential Abstract State Machines Capture Sequential Algo¬ 
rithms. ACM Transactions on Computational Logic, 1(1):77- 111, Juli 2000. 

14. Yuri Gurevich and Marc Spielmann. Recursive abstract state machines. J. UCS, 
3(4):233-246, 1997. 



Abstract State Machines for the Classroom The Basics - 


31 


15. Donald E. Knuth. Art of Computer Programming, Volume 1: Fundamental 
Algorithms. Addison-Wesley Professional, 1973. 

16. Leslie Lamport. Time, clocks, and the ordering of events in a distributed sys¬ 
tem. Communications of the ACM, 21(7):558-565, 1978. Reprinted in several 
collections, including Distributed Computing: Concepts and Implementations, 
McEntire et ah, ed. IEEE Press, 1984. 

17. Robin Milner. Software Science: From Virtual to Reality. Bulletin of the EATCS, 
(87):12 16, 2005. EATCS Award Lecture. 

18. C.A. Petri. Kommunikation mit Automaten. Schriften des Institutes fur In- 
strumentelle Mathematik Bonn, 1962. 

19. V.R. Pratt. Modeling concurrency with partial orders. Int. J. of Parallel Pro¬ 
gramming, 15(1):33-71, Feb 1986. 

20. Wolfgang Reisig. On Gurevich’s Theorem on Sequential Algorithms. Acta In- 
formatica, 39(5):273-305, 2003. 

21. A. Tarski. Contributions to the theory of models I. Indagationes Mathematicae, 
16:572-581, 1954. 

22. E. Zucca. From Static to Dynamic Abstract Data-Types. In A.Szalas 
W.Penczek, editor, MFCS 96, volume 1113 of LNCS, pages pp 579-590, 1996. 



Wolfgang Reisig 



